Security
Table Of Contents
- View Security
- Contents
- View Security
- View Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Default Global Policies for Security Protocols and Cipher Suites
- Configuring Global Acceptance and Proposal Policies
- Configure Acceptance Policies on Individual View Servers
- Configure Proposal Policies on View Desktops
- Internet Engineering Task Force Standards
- Older Protocols and Ciphers Disabled in View
- Reducing MIME Type Security Risks
- Mitigating Cross-Site Scripting Attacks
- Content Type Checking
- Origin Checking
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure View Environment
- Index
View Accounts, Resources, and Log
Files 1
Having different accounts for specific components protects against giving individuals more access and
permissions than they need. Knowing the locations of configuration files and other files with sensitive data
aids in setting up security for various host systems.
This chapter includes the following topics:
n
“View Accounts,” on page 7
n
“View Resources,” on page 8
n
“View Log Files,” on page 8
View Accounts
You must set up system and database accounts to administer View components.
Table 1‑1. View System Accounts
View Component Required Accounts
Horizon Client Configure user accounts in Active Directory for the users who have access to remote desktops
and applications. The user accounts must be members of the Remote Desktop Users group, but
the accounts do not require View administrator privileges.
vCenter Server Configure a user account in Active Directory with permission to perform the operations in
vCenter Server that are necessary to support View.
For information about the required privileges, see the View Installation document.
View Composer Create a user account in Active Directory to use with View Composer. View Composer requires
this account to join linked-clone desktops to your Active Directory domain.
The user account should not be a View administrative account. Give the account the minimum
privileges that it requires to create and remove computer objects in a specified Active Directory
container. For example, the account does not require domain administrator privileges.
For information about the required privileges, see the View Installation document.
View Connection
Server
When you install View, you can specify a specific domain user, the local Administrators group,
or a specific domain user group as View administrators. We recommend creating a dedicated
domain user group of View administrators. The default is the currently logged in domain user.
In View Administrator, you can use View Configuration > Administrators to change the list of
View administrators.
See the View Administration document for information about the privileges that are required.
VMware, Inc. 7